Oracle,
OpenSSL and SafeLogic have made a seed investment in developing the next
generation open source OpenSSL 1.1 FIPS 140-2 module, and called for
others to join the effort. OpenSSL is the most widely used and respected
cryptographic library protecting data transfers across computer
networks.

The Federal Information Processing Standard (FIPS) 140-2 is a joint U.S.
and Canadian government security standard for testing cryptographic
modules, the objective of which is to ensure the use of strong and
validated cryptographic protection in U.S. and Canadian government
systems. However, it’s also widely respected and informally accepted by
other countries and non-government industries as a strong and
trustworthy standard for cryptographic modules used within commercial
products. The current FIPS module for OpenSSL has not had a significant
upgrade since 2012, during which time encryption standards have
significantly evolved. Helping drive the updated OpenSSL FIPS project
forward, Oracle has made a $50,000 seed investment to start the project,
with another $50,000 to follow based on the progress of the effort.

“Ensuring that OpenSSL maintains an up to date FIPS implementation is
critical to helping maintain the security posture of sensitive data on
government systems and the continuous safety of millions of transactions
performed daily. We as a community have a responsibility to maintain the
confidence of users in these systems,” said Jim Wright, Chief Architect,
Open Source Policy, Strategy, Compliance and Alliances at Oracle. “Given
the complexity of the task at hand, we encourage other software vendors
to join us in and donate to this project to deliver a free, open-source
FIPS module that will benefit everyone.”

In addition to working closely with the OpenSSL Foundation’s team,
Oracle and SafeLogic have worked closely on both investments in and the
project framework of this effort. SafeLogic has been actively working
with OpenSSL on this project since July 2016.

“This
is what we've been waiting for—getting this effort off to a good strong
start—and with a few more partners from the community, we'll be on our
way toward a complete FIPS 140-2 solution for OpenSSL releases 1.1 and
later,” said Steve Marquess, President of OpenSSL Validation Services,
Inc. “We're already hard at work on the initial stage of designing a new
module to accommodate the many changes in FIPS 140 validations over the
past five years, and looking forward to a modernized implementation that
can support the community for years to come.”

“Oracle has made a significant pledge, underscoring their crucial role
in the future of open source FIPS 140-2 capabilities,” said SafeLogic
CEO Ray Potter. “Other sponsors with a vested interest should get in
touch with SafeLogic to arrange their own donations, as we are
administering contributions to directly fund both the hard and soft
costs of the OpenSSL 1.1 FIPS Module project.”